Re: [squid-users] Firewall config and authentication

From: Joe Cooper <joe@dont-contact.us>
Date: Tue, 15 May 2001 00:00:31 -0500

No need for a HOWTO... Either block outgoing traffic on port 80, or
redirect it to a webserver that displays a proxy configuration guide.

To block port 80:

ipchains -I input 1 -s 0/0 -d 0/0 80 -p tcp -j DENY

Or to be a little more polite to your users, redirect them to a local
webserver that only provides instructions for configuring the proxy:

ipchains -I input 1 -s 0/0 -d 0/0 80 -p tcp -j REDIRECT 8080

8080 being the port where your Apache on the Squid machine runs.
(Actually you can use whatever webserver you want for this--I would
probably use something very lightweight and known secure, like thttpd.)

The index page for this web server should say something like:

Please configure your browser to use cache.local.net for its web proxy.
  This can be done in the following ways for the following
browsers...etc. etc.

Or you could use the proxy transparently. (But that has other potential
issues.)

squid@ecamp.net wrote:

> Can someone point me to an ipchains firewall / squid setup that
> will only let proxy authenticated users use the connection?
> So if someone say sticks their laptop on the network and gets a DHCP
> address and doesn't config IE to use proxy, I don't want them to get out...
> How do I do this?! ;)
>
> Thanks

                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Mon May 14 2001 - 22:58:04 MDT
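
Added example (not part of the post above, nor Squid project code): a minimal
catch-all server for the port-8080 REDIRECT target the reply describes. It
answers every redirected request, whatever its Host or path, with the same
non-cacheable proxy notice and logs which client is still unconfigured.
Python's standard http.server stands in for thttpd/Apache; proxy port 3128
and the 503 status are assumptions.

```python
# Added example: catch-all "configure your proxy" server for redirected port-80 traffic.
import sys
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PROXY_HOST = "cache.local.net"  # proxy name used in the post
PROXY_PORT = 3128               # assumption: Squid's default http_port
LISTEN_PORT = 8080              # the REDIRECT target used in the post

PAGE = (
    "Direct web access is blocked on this network.\n"
    f"Please configure your browser to use {PROXY_HOST} port {PROXY_PORT}\n"
    "as its web proxy, then reload the page.\n"
).encode("ascii")


def build_response(method):
    """Same answer for every URL: (status, headers, body)."""
    headers = {
        "Content-Type": "text/plain; charset=us-ascii",
        "Content-Length": str(len(PAGE)),
        "Cache-Control": "no-store",  # never cache this under the real site's URL
        "Connection": "close",        # request bodies (POST) are left unread
    }
    # Assumption: 503 rather than 200, so clients do not take the notice for real content.
    return 503, headers, b"" if method == "HEAD" else PAGE


def log_line(client_ip, host, path):
    """One line per hit: which machine still lacks proxy settings."""
    def clean(s):  # strip control characters so a request cannot forge log lines
        return "".join(c if c.isprintable() else "?" for c in s or "-")[:200]
    return f"unconfigured client {client_ip} wanted http://{clean(host)}{clean(path)}"


class GuideHandler(BaseHTTPRequestHandler):
    def _answer(self):
        status, headers, body = build_response(self.command)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    # Redirected requests were meant for other sites, so accept any common method.
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _answer

    def log_message(self, fmt, *args):  # replaces the default access log
        hdrs = getattr(self, "headers", None)  # absent if the request line was malformed
        host = hdrs.get("Host") if hdrs else None
        sys.stderr.write(log_line(self.client_address[0], host, getattr(self, "path", "")) + "\n")


if __name__ == "__main__":
    ThreadingHTTPServer(("", LISTEN_PORT), GuideHandler).serve_forever()
```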
